I am turning up a remote office this weekend and had a couple of questions about my VPN setup. This setup is using the 1841 IS router, and there is no external FW for our NAT operation.
We will be connecting to the Internet using 2 separate T1s. In my early stages of design, I was going to use multilink PPP, but on receiving the provisioning info today, I noticed that they were giving me 2 separate networks for each T1. I then would use IP CEF and static routes to utilize the full 3M of BW on my WAN side. This being the case, my VPN tunnel source was originally going to be that of my multilink interface, but now that I don't have that common multilink interface to source, in order to make sure my tunnel uses both Ts, I assume I need to ensure that my tunnel source is going to be that of my Fa0/0.
This is also a split-tunnel scenario, so we are only going to NAT the traffic destined outside our private range.
My questions there are:
1) In terms of RADIUS authentication for router access, how do I ensure that the RADIUS info is traversing the tunnel to get back to our internal server at the flagship office? Vice versa to that, if I want to SSH into the router, can I use that of the loopback or does it have to be the Fa0/0 address since the tunnel endpoint is there?
2) Since I don't have an external firewall at this location handling our NAT, will this design work if I configured the FA interface for 192.168.x.x, made sure there was a static NAT entry for that IP, and used that public IP address as the peer IP on my concentrator at the head end?
If anyone has any suggestions or tips for me, I would appreciate all feedback. Thank you all in advance.